hasura-stack.yml

version: '3.1'
services:
  reverse-proxy:
    image: traefik # The official Traefik docker image
    command: --api --docker # Enables the web UI and tells Traefik to listen to docker
    ports:
      - "80:80"     # The HTTP port
      - "8080:8080" # The Web UI (enabled by --api)
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
  postgres:
    image: mdillon/postgis:11-alpine
    restart: always
    volumes:
    - db_data:/var/lib/postgresql/data
  authentication:
    image: platyplus/authentication
    restart: always
    labels:
      - "traefik.frontend.rule=Host:auth.${DOMAIN}"
      - "traefik.port=8080"
    depends_on:
    - "postgres"
    environment:
      NODE_ENV: production
      DATABASE_URL: postgres://postgres:@postgres:5432/postgres
      AUTH_PRIVATE_KEY: "${PRIVATE_KEY}"
      AUTH_PUBLIC_KEY: "${PUBLIC_KEY}"
  graphql-engine:
    image: hasura/graphql-engine:v1.0.0-alpha37
    labels:
      - "traefik.frontend.rule=Host:graphql.${DOMAIN}"
      - "traefik.port=8080"
    depends_on:
    - "postgres"
    restart: always
    environment:
      HASURA_GRAPHQL_DATABASE_URL: postgres://postgres:@postgres:5432/postgres
      HASURA_GRAPHQL_ENABLE_CONSOLE: "${HASURA_ENABLE_CONSOLE}"
      HASURA_GRAPHQL_JWT_SECRET: '{"type":"RS256", "key":"${PUBLIC_KEY}"}'
      HASURA_GRAPHQL_ACCESS_KEY: "${HASURA_ACCESS_KEY}"
volumes:
  db_data:

note: the authentication service is available in this repo

Environment variables:

DOMAIN=localhost
PRIVATE_KEY=<RSA private PEM key escaped with \n>
PUBLIC_KEY=<RSA public PEM key escaped with \n>
HASURA_ACCESS_KEY=<Your Hasura secret key>
HASURA_ENABLE_CONSOLE=<true/false>

When I add values to the .env file, for:
HASURA_GRAPHQL_JWT_SECRET: '{"type":"RS256", "key":"${PUBLIC_KEY}"}'

I am getting the error:
graphql-engine_1 | Fatal Error: JWT conf: Error in $: Failed reading: satisfy

When I add values to the .env file, for:
HASURA_GRAPHQL_JWT_SECRET: '{"type":"RS256", "key":"${PUBLIC_KEY}"}'

I am getting the error:
graphql-engine_1 | Fatal Error: JWT conf: Error in $: Failed reading: satisfy

Hello @celvin,
Sorry I only see your message now. I haven't tested this compose file with environment variables defined in a .env file.
However it seems this error is a json parsing error, so my guess is that the PUBLIC_KEY variable is not available in the graphql-engine container.
According to the docker documentation:

Environment variables defined in the .env file are not automatically visible inside containers. To set container-applicable environment variables, follow the guidelines in the topic Environment variables in Compose, which describes how to pass shell environment variables through to containers, define environment variables in Compose files, and more.

So maybe you need to specify a env_file option in the compose file?

thanks for your response, well actually all the other environment variables in that file are being sent to the different containers that I have, but it would be probably as you said a json parse problem, I will continue with this but for now I have created a passport login service and exposing there http://localhost:8081/jwks and then using the url and it is working fine. thanks a lot for this project it is really awesome and congratulations.

…

On Fri, May 17, 2019 at 12:14 AM Pilou ***@***.***> wrote: When I add values to the .env file, for: HASURA_GRAPHQL_JWT_SECRET: '{"type":"RS256", "key":"${PUBLIC_KEY}"}' I am getting the error: graphql-engine_1 | Fatal Error: JWT conf: Error in $: Failed reading: satisfy Hello @celvin <https://github.com/celvin>, Sorry I only see your message now. I haven't tested this compose file with environment variables defined in a .env file. However it seems this error is a json parsing error, so my guess is that the PUBLIC_KEY variable is not available in the graphql-engine container. According to the docker documentation <https://docs.docker.com/compose/env-file/>: Environment variables defined in the .env file are not automatically visible inside containers. To set container-applicable environment variables, follow the guidelines in the topic Environment variables in Compose, which describes how to pass shell environment variables through to containers, define environment variables in Compose files, and more. So maybe you need to specify a env_file option in the compose file? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <https://gist.github.com/b8503c869ffa2b5d4e42dc9137b56ae1?email_source=notifications&email_token=AABMP3LME242HVVE7X2GTG3PVZELHA5CNFSM4HNSL4TKYY3PNVWWK3TUL52HS4DFVNDWS43UINXW23LFNZ2KUY3PNVWWK3TUL5UWJTQAFSGUI#gistcomment-2919748>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AABMP3KY2LRCPDRBRTUDHULPVZELHANCNFSM4HNSL4TA> .

I think Hasura requires to escape the end of lines in the key variables with "\n" instead. I am not sure this is the issue but I would give it a try. I explain it in this repo. What I did to format the key in the right format:

awk -v ORS='\\n' '1' public_key.pem

Yes I've used something from there, that way is working nice, and anyway it will be the way I will use it, but adding the escaped public key didn't work but this way is actually better for the way I need to implement it, thanks a lot!

…

On Fri, May 17, 2019 at 10:12 AM Pilou ***@***.***> wrote: I think Hasura requires to escape the end of lines in the key variables with "\n" instead. I am not sure this is the issue but I would give it a try. I explain it in this repo <https://github.com/platyplus/authentication-server> — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <https://gist.github.com/b8503c869ffa2b5d4e42dc9137b56ae1?email_source=notifications&email_token=AABMP3O5UJ6DGJFMZ4SFJC3PV3KPNA5CNFSM4HNSL4TKYY3PNVWWK3TUL52HS4DFVNDWS43UINXW23LFNZ2KUY3PNVWWK3TUL5UWJTQAFSHPM#gistcomment-2920182>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AABMP3LT3ZRXTK44R2LTUCTPV3KPNANCNFSM4HNSL4TA> .